Commit Graph

303 Commits

Author SHA1 Message Date
Sojan Jose
75c83dd0d9
chore: Fix for 2 vulnerabilities (#9602)
<p>This PR was automatically created by Snyk using the credentials of a
real user.</p><br
/>![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)

### Snyk has created this PR to fix 2 vulnerabilities in the rubygems
dependencies of this project.

#### Snyk changed the following file(s):

- `Gemfile`
- `Gemfile.lock`




#### Vulnerabilities that will be fixed with an upgrade:

|  | Issue | Score | 

:-------------------------:|:-------------------------|:-------------------------
![medium
severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png
'medium severity') | Improper Input Validation
<br/>[SNYK-RUBY-ACTIONPACK-7210237](https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-7210237)
| &nbsp;&nbsp;**496**&nbsp;&nbsp;
![medium
severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png
'medium severity') | Missing Cryptographic Step
<br/>[SNYK-RUBY-OPENSSL-6036190](https://snyk.io/vuln/SNYK-RUBY-OPENSSL-6036190)
| &nbsp;&nbsp;**479**&nbsp;&nbsp;




---

> [!IMPORTANT]
>
> - Check the changes in this PR to ensure they won't cause issues with
your project.
> - Max score is 1000. Note that the real score may have changed since
the PR was raised.
> - This PR was automatically created by Snyk using the credentials of a
real user.

---

**Note:** _You are seeing this because you or someone else with access
to this repository has authorized Snyk to open fix PRs._

For more information: <img
src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJmMDU0MzI0Yy1kZjU0LTQ2OTMtYTY1NC1kY2MyZGRmODU1MTIiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImYwNTQzMjRjLWRmNTQtNDY5My1hNjU0LWRjYzJkZGY4NTUxMiJ9fQ=="
width="0" height="0"/>
🧐 [View latest project
report](https://app.snyk.io/org/chatwoot/project/b7197bbd-6200-4f23-931d-c39928584360?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;fix-pr)
📜 [Customise PR
templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates)
🛠 [Adjust project
settings](https://app.snyk.io/org/chatwoot/project/b7197bbd-6200-4f23-931d-c39928584360?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;fix-pr/settings)
📚 [Read about Snyk's upgrade
logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)

---

**Learn how to fix vulnerabilities with free interactive lessons:**

🦉 [Improper Input
Validation](https://learn.snyk.io/lesson/improper-input-validation/?loc&#x3D;fix-pr)

[//]: #
'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"dotenv-rails","from":"2.8.1","to":"3.0.0"},{"name":"rails","from":"7.0.8.3","to":"7.0.8.4"},{"name":"rspec-rails","from":"6.0.2","to":"6.0.3"},{"name":"web-push","from":"3.0.0","to":"3.0.1"}],"env":"prod","issuesToFix":[{"exploit_maturity":"No
Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-OPENSSL-6036190","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Missing
Cryptographic
Step"}],"prId":"f054324c-df54-4693-a654-dcc2ddf85512","prPublicId":"f054324c-df54-4693-a654-dcc2ddf85512","packageManager":"rubygems","priorityScoreList":[496,479],"projectPublicId":"b7197bbd-6200-4f23-931d-c39928584360","projectUrl":"https://app.snyk.io/org/chatwoot/project/b7197bbd-6200-4f23-931d-c39928584360?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":["SNYK-RUBY-ACTIONPACK-7210237","SNYK-RUBY-OPENSSL-6036190"],"vulns":["SNYK-RUBY-ACTIONPACK-7210237","SNYK-RUBY-OPENSSL-6036190"],"patch":[],"isBreakingChange":true,"remediationStrategy":"vuln"}'

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2024-06-06 16:23:48 +05:30
dependabot[bot]
b53ce3fa79
chore(deps-dev): bump rack-contrib from 2.4.0 to 2.5.0 (#9559)
Bumps rack-contrib from 2.4.0 to 2.5.0.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-29 13:15:05 -07:00
Sojan Jose
db13049e6f
fix: [Snyk] Security upgrade administrate-field-active_storage from 1.0.2 to 1.0.3 (#9496)
- Security upgrade administrate-field-active_storage from 1.0.2 to 1.0.3
2024-05-21 13:36:11 -07:00
dependabot[bot]
85dcb84675
chore(deps): bump rexml from 3.2.5 to 3.2.8 (#9489)
Bumps rexml from 3.2.5 to 3.2.8.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-16 18:19:22 -07:00
Sojan Jose
fc1c992cde
fix: [Snyk] Security upgrade devise_token_auth from 1.2.1 to 1.2.3 (#9468)
fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-ACTIONCABLE-20338
- https://snyk.io/vuln/SNYK-RUBY-RACK-1061917

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2024-05-15 11:52:40 -07:00
dependabot[bot]
1d4798a3bf
chore(deps): bump nokogiri from 1.16.4 to 1.16.5 (#9459)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.16.4 to 1.16.5.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.16.4...v1.16.5)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-13 18:12:02 -07:00
Sojan Jose
e992283993
fix: [Snyk] Security upgrade omniauth-rails_csrf_protection from 1.0.1 to 1.0.2 (#9454)
fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-RACK-1061917

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2024-05-13 16:07:56 -07:00
Sojan Jose
d34d726b37
chore(snyk): Security upgrade administrate-field-active_storage from 1.0.1 to 1.0.2 (#9332)
fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-ACTIONCABLE-20338
- https://snyk.io/vuln/SNYK-RUBY-RACK-1061917

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2024-05-01 12:05:40 -07:00
Sojan Jose
a5ab8201c6
fix: [Snyk] Fix for 1 vulnerabilities (#9316)
fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-SIDEKIQ-6689289

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2024-04-29 14:24:06 +05:30
Pranav
ffd47081bd
chore(cleanup): Delete sentiment feature (#9304)
- The feature is unused, removing it for now, will bring it back with better models later.
2024-04-25 22:49:10 -07:00
Sojan Jose
ade658ad86
chore: [Snyk] Fix for 1 vulnerabilities (#9229)
fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-RACK-1061917

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2024-04-15 14:07:37 -07:00
Sojan Jose
6b7a707fef
chore: Security upgrade omniauth-google-oauth2 from 1.1.1 to 1.1.2 (#9173)
fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-RACK-1061917

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2024-04-03 20:22:46 +05:30
Pranav
dca14ef82d
fix: Downgrade rack-cors to 2.0.0 to fix CVE-2024-27456 (#9032) 2024-02-27 20:20:59 -08:00
Sojan Jose
ab56374b2f
chore: Fix Bundle Audit Breakages (#9016)
Name: actionpack
Version: 7.0.8
CVE: CVE-2024-26143
Criticality: Unknown
URL: https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947

-----

Name: rack
Version: 2.2.8
CVE: CVE-2024-25126
Criticality: Unknown
URL: https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941
2024-02-26 15:25:21 +05:30
dependabot[bot]
8b5735c915
chore(deps): bump grpc from 1.54.0 to 1.54.3 (#8906)
Bumps [grpc](https://github.com/google/grpc) from 1.54.0 to 1.54.3.
- [Release notes](https://github.com/google/grpc/releases)
- [Changelog](https://github.com/grpc/grpc/blob/master/doc/grpc_release_schedule.md)
- [Commits](https://github.com/google/grpc/compare/v1.54.0...v1.54.3)

---
updated-dependencies:
- dependency-name: grpc
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-12 12:52:45 +05:30
dependabot[bot]
47c0decf1e
chore(deps): bump nokogiri from 1.16.0 to 1.16.2 (#8861)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.16.0 to 1.16.2.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.16.0...v1.16.2)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-06 09:47:16 +04:00
Vishnu Narayanan
17cb788193
fix: Upgrade gmail_xoauth gem to 0.4.3 (#8817) 2024-01-30 11:11:38 -08:00
Pranav Raj S
12916ceca6
fix: Capture delivery errors to avoid false positives (#8790)
The system did not detect the delivery errors earlier, resulting in some false positives. The user was not informed when an email failed to be delivered. While we do handle failure status in other channels, we were not able to capture the actual delivery status for the email channel.

This pull request makes the following changes:

- Updated the class EmailReplyWorker to use the deliver_now method instead of deliver_later. This change is made to raise any errors that may occur with the SMTP connection. The errors are then captured and sent to Sentry, and the email is marked as failed. Previously, we did not consider the case of retries in the email channel, so this feature is currently not functioning. So, I have disabled the retry option. We will address this in a follow-up ticket.
- Downgraded the net-smtp gem to version 0.3.4. This change is made to avoid an argument error when using XOAUTH2.

Fixes: https://linear.app/chatwoot/issue/CW-3032/argumenterror-wrong-authentication-type-xoauth2-argumenterror
2024-01-26 14:22:18 +04:00
Sojan Jose
59184122f7
fix: [Snyk] Security upgrade administrate from 0.19.0 to 0.20.1 (#8741)
-  Upgrade  administrate  gem to latest
- Update the `show` partial with changes from upstream
2024-01-25 17:33:21 +04:00
Sojan Jose
d2c5c2f9a3
chore: [Snyk] Security upgrade sidekiq from 7.2.0 to 7.2.1 (#8748)
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2024-01-22 13:12:26 +04:00
dependabot[bot]
e34ab5957f
chore(deps): bump puma from 6.3.1 to 6.4.2 (#8663)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-08 16:51:30 -08:00
Sojan Jose
c6ecf80dff
chore(synk): Upgrade administrate to fix 2 vulnerabilities (#8625)
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: Pranav Raj S <pranav@chatwoot.com>
2024-01-04 13:38:03 -08:00
Sojan Jose
c29b77c214
chore(snyk): Security upgrade factory_bot_rails from 6.4.2 to 6.4.3 (#8628)
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2024-01-04 10:47:48 -08:00
Sojan Jose
1ddb73ea97
chore(security): Security upgrade omniauth from 2.1.1 to 2.1.2 (#8591)
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2023-12-20 13:38:34 -08:00
Sojan Jose
03ebb6947b
chore(synk): Upgrade sentry-rails from 5.13.0 to 5.14.0 (#8420)
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: Pranav Raj S <pranav@chatwoot.com>
2023-12-10 22:00:17 -08:00
Sojan Jose
c53591f049
chore(snyk): Security upgrade sidekiq-cron from 1.11.0 to 1.12.0 (#8523)
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: Pranav Raj S <pranav@chatwoot.com>
2023-12-10 21:59:12 -08:00
Sojan Jose
2ae9bbb24e
chore(snyk): Security upgrade factory_bot_rails from 6.2.0 to 6.4.2 (#8371)
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: Pranav Raj S <pranav@chatwoot.com>
2023-12-10 20:43:58 -08:00
Sojan Jose
38240a68aa
[Snyk] Security upgrade rack-mini-profiler from 3.1.1 to 3.2.0 (#8508)
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2023-12-10 15:02:59 -08:00
Sojan Jose
e750ee6d28
chore: [Snyk] Security upgrade administrate-field-active_storage from 0.4.2 to 1.0.0 (#8382)
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2023-11-20 19:42:54 -08:00
Sojan Jose
59ace66c6f
chore: [Snyk] Fix for vulnerabilities (#8340)
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2023-11-17 15:24:00 -08:00
Sojan Jose
decef1ad52
chore: Add rails_panel gem for query debugging (#8370) 2023-11-18 02:30:35 +05:30
Sojan Jose
f891cfbf47
chore: [Snyk] Security upgrade sidekiq-cron from 1.10.1 to 1.11.0 (#8294)
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2023-11-08 10:32:04 +05:30
Sojan Jose
66229b0d6b
chore: [Snyk] Security upgrade audited from 5.4.0 to 5.4.1 (#8305)
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2023-11-07 17:45:32 -08:00
Pranav Raj S
1e70223ed7
chore: Upgrade Cypress to 13.4.0 (#8271) 2023-10-31 19:39:34 -07:00
Sojan Jose
f34cd3ea61
chore: [Snyk] Security upgrade newrelic-sidekiq-metrics from 1.6.1 to 1.6.2 (#8254)
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2023-10-31 18:24:18 -07:00
Sojan Jose
7b09fa4a03
chore(snyk): Upgrade gems to fix SNYK-RUBY-RACK-1061917 (#8104)
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2023-10-13 09:24:50 +05:30
Muhsin Keloth
26e8877cd9
feat: Support link unfurling for all the channels within the same connected channel account. (#8033) 2023-10-08 17:55:03 +05:30
Sojan Jose
d8b53f5d2f
chore: [Snyk] Security upgrade audited from 5.3.3 to 5.4.0 (#8023)
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2023-09-30 19:49:03 -07:00
Sojan Jose
dd0930d75e
chore: Improve search in super admin panel (#7952)
Co-authored-by: Vishnu Narayanan <vishnu@chatwoot.com>
Co-authored-by: Pranav Raj S <pranav@chatwoot.com>
2023-09-22 19:41:13 +05:30
Sojan Jose
cb07ac16d1
chore: [Snyk] Fix for 1 vulnerabilities (#7906)
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2023-09-12 18:03:58 -07:00
Sojan Jose
272f920811
chore: [Snyk] Security upgrade rails from 7.0.7.2 to 7.0.8 (#7888)
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2023-09-11 19:12:38 -07:00
Sojan Jose
4acb824857
chore: [Snyk] Fix for 1 vulnerabilities (#7870)
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2023-09-06 18:36:32 -07:00
Sojan Jose
99bb074656
chore: Security upgrade web-console from 4.2.0 to 4.2.1 (#7864)
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2023-09-06 11:31:05 +05:30
Sojan Jose
4cbb3208e8
chore: Revert gem update (#7792)
- updating redis client caused deployment issues in Heroku, hence reverting to prev version until its resolved
2023-08-24 01:08:34 -07:00
Sojan Jose
acb7debd3f
chore: Contact import improvements (#7787)
- Ensure existing contact information is updated on data import
- Refactor the existing job to make it more readable
- Fixes issues with import files in the wrong encoding
fixes: #7307
2023-08-23 23:24:47 -07:00
Shivam Mishra
24468d71fb
feat: update rails (#7786)
Bump up rails
2023-08-23 13:45:55 -07:00
dependabot[bot]
22421b5ac8
chore(deps): bump puma from 6.2.2 to 6.3.1 (#7765)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shivam Mishra <scm.mymail@gmail.com>
2023-08-21 13:09:20 +07:00
dependabot[bot]
b5dec067a1
chore(deps): bump commonmarker from 0.23.9 to 0.23.10 (#7695)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-08 14:25:42 -07:00
Sojan Jose
7f0ca8b15d
fix: Security upgrade rack-mini-profiler from 3.1.0 to 3.1.1 [Snyk] (#7657)
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2023-08-07 14:09:28 -07:00
Sojan Jose
c084ad5a68
[Snyk] Security upgrade lograge from 0.12.0 to 0.13.0 (#7635)
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2023-08-04 16:56:11 -07:00
Sojan Jose
2d07577731
fix: [Snyk] Security upgrade rack-attack from 6.6.1 to 6.7.0 (#7625)
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2023-07-27 09:06:56 +03:00
Sojan Jose
480f34803b
feat: Response Bot using GPT and Webpage Sources (#7518)
This commit introduces the ability to associate response sources to an inbox, allowing external webpages to be parsed by Chatwoot. The parsed data is converted into embeddings for use with GPT models when managing customer queries.

The implementation relies on the `pgvector` extension for PostgreSQL. Database migrations related to this feature are handled separately by `Features::ResponseBotService`. A future update will integrate these migrations into the default rails migrations, once compatibility with Postgres extensions across all self-hosted installation options is confirmed.

Additionally, a new GitHub action has been added to the CI pipeline to ensure the execution of specs related to this feature.
2023-07-21 18:11:51 +03:00
Sojan Jose
2b4f4f0b5c
[Snyk] Security upgrade administrate from 0.18.0 to 0.19.0 (#7547)
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2023-07-20 12:47:54 -07:00
Sojan Jose
f72be94323
chore: [Snyk] Fix for 1 vulnerabilities (#7466)
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2023-07-19 21:41:55 +03:00
Sojan Jose
1d718b92b7
chore: Fix schema disparities (#7554)
- Fixing the schema disparities that crept up during merges
- Also, fix the issue with migrate command regenerating the schema for contacts.rb model
2023-07-19 19:15:43 +03:00
Vishnu Narayanan
8babf7dec3
feat: add debug gem and more make commands (#7509) 2023-07-18 13:22:02 +05:30
Tejaswini Chile
10dd0ba647
feat: Sentiment Analysis (#7475) 2023-07-12 15:03:31 +05:30
Tejaswini Chile
71837bedf9
feat: Ability to customise the email sender name [CW-1629] (#7345) 2023-07-04 20:46:01 +05:30
TOMMY
26a75b250d
Merge pull request from GHSA-2472-ggjh-43h2 2023-06-27 17:22:54 +05:30
Snyk bot
8b91f0ffac
fix: Gemfile.lock to reduce vulnerabilities (#7280)
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-RACK-1061917

Co-authored-by: Sojan Jose <sojan@pepalo.com>
2023-06-14 15:40:24 +05:30
Sojan Jose
48f2e58e59
feat: Ability to update avatars from super admin (#7264)
- Ability to update user avatars from super admin
- Ability to update bot avatars from super admin

fixes: #7060
2023-06-09 15:32:24 +05:30
Vishnu Narayanan
123fc73394
feat: add audit trail for sign_in and sign_out (#7158)
* feat: add audit_trail for sign_in event

* chore: ignore unrelated User model columns for auditing

* chore: fix prepend call for webhook/automation rule

* chore: add spec for sign_in event

* chore: refactor sign_in auditlog method to enterprise namespace

* feat: add sign_out audit trail

* feat: review comments
2023-05-25 14:27:30 +05:30
Shivam Mishra
105f9a27d2
feat: more CSAT filters (#7038)
* refactor: use grid instead of flex

* refactor: let the parent layout decide the spacing

* feat: add a separate date-range component

* refactor: use new date-range component

* fix: destructure all options

* refactor: separate group by component

* refactor: better handle group by data

* fix: defaul group by

* refactor: variable naming

* refactor: use DATE_RANGE_OPTIONS directly

* chore: update platform in gemfile.lock

* refactor: trigger fetch on filter change

* refactor: remove redundant method

* refactor: simplify methods and emitting

* refactor: simplify filter logic

* refactor: simplify fetching

* refactor: imports

* refactor: prop name

* refactor: CSAT response to use new APIs

* refactor: use common filter event

* refactor: use computed value for validGroupBy

* refactor: better function names

* refactor: rename prop

* refactor: remove redundant props

* refactor: separate agents filter component

* feat: add labels filter

* feat: add inboxes filter

* fix: event

* refactor: send label and inbox along with request payload

* feat: add inbox filter

* feat: add inbox to download

* refactor: use request payload from computed property

* refactor: params

* feat: add team to csat filters

* feat: add team to csat filters

* feat: add filter for rating

* feat: reverse options

* feat: add labels for ratings and translations

* feat: update translation

* fix: margin and spacing

* fix: trailing whitespace

* feat: add tests for filters

* chore: move files

* feat: add try catch with alerts

* feat: update import

* fix: imports

* Updates broken imports

---------

Co-authored-by: Muhsin Keloth <muhsinkeramam@gmail.com>
Co-authored-by: Nithin David Thomas <1277421+nithindavid@users.noreply.github.com>
2023-05-18 22:50:46 +05:30
Pranav Raj S
ce3e38df0f
chore: Update the design of the help center portal (#6775) 2023-05-08 15:31:38 -07:00
Pranav Raj S
683f259771
fix: Fix rendering issues in Help Center (#7042) 2023-05-08 12:23:26 -07:00
Vishnu Narayanan
51fb3b7e8e
fix: enable lograge in superadmin path (#7026)
* fix: lograge superadmin path
* chore: add spec for superadmin devise session controller
* chore: address review comment
2023-05-08 13:43:55 +05:30
Sojan Jose
022383d942
chore: Upgrade to Rails 7 (#6719)
fixes: #6736
2023-05-06 10:44:52 +05:30
dependabot[bot]
937338e3ea
chore(deps): bump audited from 5.2.0 to 5.3.3 (#7016)
Bumps [audited](https://github.com/collectiveidea/audited) from 5.2.0 to 5.3.3.
- [Release notes](https://github.com/collectiveidea/audited/releases)
- [Changelog](https://github.com/collectiveidea/audited/blob/main/CHANGELOG.md)
- [Commits](https://github.com/collectiveidea/audited/compare/v5.2.0...v5.3.3)

---
updated-dependencies:
- dependency-name: audited
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-03 14:13:04 +05:30
Tejaswini Chile
44837aa657
Fix: save twitter profile for inbox (#6667)
Fixes: #737
2023-04-12 14:16:24 +05:30
dependabot[bot]
d04344c094
chore(deps): bump commonmarker from 0.23.7 to 0.23.9 (#6892)
Bumps [commonmarker](https://github.com/gjtorikian/commonmarker) from 0.23.7 to 0.23.9.
- [Release notes](https://github.com/gjtorikian/commonmarker/releases)
- [Changelog](https://github.com/gjtorikian/commonmarker/blob/main/CHANGELOG.md)
- [Commits](https://github.com/gjtorikian/commonmarker/compare/v0.23.7...v0.23.9)

---
updated-dependencies:
- dependency-name: commonmarker
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sojan Jose <sojan@pepalo.com>
2023-04-12 14:08:14 +05:30
dependabot[bot]
2731c2a5be
chore(deps): bump nokogiri from 1.14.2 to 1.14.3 (#6893)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.14.2 to 1.14.3.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.14.2...v1.14.3)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-12 13:29:57 +05:30
Vishnu Narayanan
71c5a1e1d4
feat: add lograge to improve logging (#5423)
- Add lograge gem to improve rails logging using `LOGRAGE_ENABLED` env variable
- When enabled Single line log for requests in JSON formatting
- Switch sidekiq also to use JSON formatting

Fixes: chatwoot/product#437
---------

Co-authored-by: Sojan Jose <sojan@pepalo.com>
2023-04-07 13:44:30 +05:30
Shivam Mishra
bc8e8f3bb5
feat: add index to conversation id and account_id (#6757)
- This PR adds an index to conversations id and account_id. This improves the performance of some reports query
2023-03-28 22:34:04 +05:30
Sojan Jose
a99c37ae5e
chore: Resolve bundle audit (#6671)
- Update gems to resolve bundle Audit advisories
2023-03-15 14:05:54 +05:30
Sojan Jose
e8a174f689
chore: Add sidekiq metrics to newrelic (#6659)
* chore: Add sidekiq stats to newrelic

* chore: add gemlock
2023-03-14 20:50:28 +05:30
Sojan Jose
5166fd8948
chore: Update gems (#6628)
- Updating gems based on ruby advisory warnings
2023-03-08 17:40:21 +05:30
Vishnu Narayanan
d870b0815a
feat: Audit log APIs (#6434)
- Adds the appropriate APIs for Audit Logs.

ref: #6015
2023-03-01 20:02:58 +05:30
Sojan Jose
c9c3ac4b44
chore: Load only required APMs (#6497)
- Disable requiring the gems for all the APMs 
- Switch to selectively requiring them.
2023-03-01 14:31:51 +05:30
Shivam Mishra
7be2ef3292
feat: Google OAuth for login & signup (#6346)
This PR adds Google OAuth for all existing users, allowing users to log in or sign up via their Google account.

---------

Co-authored-by: Pranav Raj S <pranav@chatwoot.com>
Co-authored-by: Fayaz Ahmed <15716057+fayazara@users.noreply.github.com>
Co-authored-by: Sojan <sojan@pepalo.com>
2023-02-16 11:12:02 +05:30
Pranav Raj S
80784e3cab
feat: Add Google Translate API Integration (#6454) 2023-02-15 20:50:45 -08:00
Sojan Jose
f0fbaacaf7
chore: Switch to csv-safe gem to avoid csv injection (#6444) 2023-02-13 13:38:36 -08:00
Sojan Jose
aab6b10b67
[Snyk] Fix for 9 vulnerabilities (#6304) 2023-02-08 18:29:41 +05:30
Sojan Jose
38aee8d9ea
chore: Switch to web-push gem (#6390)
- The previous gem, `webpush` was last updated a while ago. Also, with the recent ruby upgrade, we needed a fix for zaru/webpush#106. Hence switching to the `web-push` gem where the issues are fixed.
2023-02-03 18:55:22 +05:30
Sojan Jose
ef02fff71e
chore: Update Newrelic agent (#6388)
- update new relic agent to 8.15
2023-02-03 16:47:10 +05:30
dependabot[bot]
30fcb47477
chore(deps): bump commonmarker from 0.23.6 to 0.23.7 (#6342)
Bumps [commonmarker](https://github.com/gjtorikian/commonmarker) from 0.23.6 to 0.23.7.
- [Release notes](https://github.com/gjtorikian/commonmarker/releases)
- [Changelog](https://github.com/gjtorikian/commonmarker/blob/main/CHANGELOG.md)
- [Commits](https://github.com/gjtorikian/commonmarker/compare/v0.23.6...v0.23.7)

---
updated-dependencies:
- dependency-name: commonmarker
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-02 13:13:35 -08:00
Vishnu Narayanan
b1ec67d110
chore: upgrade ruby to 3.1.3 (#5555)
* chore: update to ruby 3.1.3

* chore: ping docker version to alpine3.16 for nodev16.x

Starting with Node 17, nodejs switched to OpenSSL3. The docker builds
are installing node18.xx with alpine-3.1.3.

From Node.js 17's announcement post:

    If you hit an ERR_OSSL_EVP_UNSUPPORTED error in your application
with Node.js 17, it’s likely that your application or a module you’re
using is attempting to use an algorithm or key size which is no longer
allowed by default with OpenSSL 3.0. A new command-line option,
--openssl-legacy-provider, has been added to revert to the legacy
provider as a temporary workaround for these tightened restrictions.

Looks like a webpack issue. This is fixed in webpacl 5+ and we are on
webpack4 at the moment.
Solutions

    Upgrade webpack.
    Pin nodejs version to be 16.x.x
    Use  --openssl-legacy-provider as a workaround.

Pin docker version to alpine3.16 branch to have node16.x by default

ref:
https://github.com/chatwoot/chatwoot/pull/5555#issuecomment-1379778532

* chore: update webmock

* chore: fix ruby gem path in dockerfile

* chore: switch to node16 in circleci

* chore: update ruby version in linux installer script

* chore: update ruby version in linux installer script

* chore: fix circleci

* chore: fix circleci

* feat: upgrade node version to 16.x in linux installer

* chore: update systemd files

Co-authored-by: Sojan Jose <sojan@chatwoot.com>
2023-01-24 23:55:07 +05:30
Tejaswini Chile
551dd81d21
chore: change the execution flow for deleting the invalid instagram story (#6313)
* fix: change the execution flow for deleting the invalid instagram story

* fix: bundle audit update fix
2023-01-23 16:23:35 +05:30
Jan Matuszewski
d46f96e45c
Fix performance of report builder spec (#6024) 2023-01-17 09:27:50 +05:30
Tejaswini Chile
00cbdaa8ca
Feat: Support for Microsoft Oauth in Email Channel (#6227)
- Adds the backend APIs required for Microsoft Email Channels

Co-authored-by: Pranav Raj S <pranav@chatwoot.com>
Co-authored-by: Sojan <sojan@pepalo.com>
2023-01-17 02:39:05 +05:30
dependabot[bot]
c88ea257d5
chore(deps): bump httparty from 0.20.0 to 0.21.0 (#6164)
Bumps [httparty](https://github.com/jnunemaker/httparty) from 0.20.0 to 0.21.0.
- [Release notes](https://github.com/jnunemaker/httparty/releases)
- [Changelog](https://github.com/jnunemaker/httparty/blob/master/Changelog.md)
- [Commits](https://github.com/jnunemaker/httparty/compare/v0.20.0...v0.21.0)

---
updated-dependencies:
- dependency-name: httparty
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-04 14:35:57 +05:30
Sojan Jose
f8e6308caf
chore: [Snyk] Fix for 7 vulnerabilities (#6075)
* fix: Gemfile to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-LOOFAH-3168317
- https://snyk.io/vuln/SNYK-RUBY-LOOFAH-3168318
- https://snyk.io/vuln/SNYK-RUBY-LOOFAH-3168649
- https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-3168316
- https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-3168646
- https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-3168647
- https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-3168648

* chore: update gemlock

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2022-12-15 16:40:50 +05:30
dependabot[bot]
8222a47154
chore(deps): bump rails-html-sanitizer from 1.4.3 to 1.4.4 (#6074)
Bumps [rails-html-sanitizer](https://github.com/rails/rails-html-sanitizer) from 1.4.3 to 1.4.4.
- [Release notes](https://github.com/rails/rails-html-sanitizer/releases)
- [Changelog](https://github.com/rails/rails-html-sanitizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rails/rails-html-sanitizer/compare/v1.4.3...v1.4.4)

---
updated-dependencies:
- dependency-name: rails-html-sanitizer
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-14 12:51:12 -08:00
dependabot[bot]
431e2931c4
chore(deps): bump nokogiri from 1.13.9 to 1.13.10 (#6040)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.9 to 1.13.10.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.13.9...v1.13.10)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-08 14:01:52 +03:00
Tejaswini Chile
0343acdb7e
fix: ensure contact_inbox if contact exists(#5667)
- Fixing Instagram issue for existing contacts in the inbox
2022-10-19 12:56:39 -07:00
dependabot[bot]
0a9ea6e272
chore(deps): bump google-protobuf from 3.21.2 to 3.21.7 (#5550)
Bumps [google-protobuf](https://github.com/protocolbuffers/protobuf) from 3.21.2 to 3.21.7.
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/generate_changelog.py)
- [Commits](https://github.com/protocolbuffers/protobuf/compare/v3.21.2...v3.21.7)

---
updated-dependencies:
- dependency-name: google-protobuf
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Sojan Jose <sojan@pepalo.com>
2022-10-05 17:32:00 -07:00
Sojan Jose
8b0e95ece8
fix: Flakiness in CI pipeline (#5562)
- Fixing the recent flakiness in CI pipelines
2022-10-05 10:59:31 -07:00
dependabot[bot]
b463ce5b1a
chore(deps): bump commonmarker from 0.23.5 to 0.23.6 (#5480)
Bumps [commonmarker](https://github.com/gjtorikian/commonmarker) from 0.23.5 to 0.23.6.
- [Release notes](https://github.com/gjtorikian/commonmarker/releases)
- [Changelog](https://github.com/gjtorikian/commonmarker/blob/main/CHANGELOG.md)
- [Commits](https://github.com/gjtorikian/commonmarker/compare/v0.23.5...v0.23.6)

---
updated-dependencies:
- dependency-name: commonmarker
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-21 20:43:08 -07:00
Kyle McLaren
bc3e7d2b5e
chore: Support for Elastic APM (#5004)
This PR adds support for Elastic APM for APM and Tracing in self-hosted installations.
Configuration can be done via the ELASTIC_APM_SERVER_URL and ELASTIC_APM_SECRET_TOKEN env variables.

fixes: #4999
2022-07-22 11:39:37 +02:00
Pranav Raj S
1dc7ce526e
chore: Add ee helper, custom_attributes to account (#5058) 2022-07-19 00:33:06 +05:30
Sojan Jose
4187428729
chore: Update dependencies to the latest versions (#5033) 2022-07-15 09:51:59 +07:00